Digital Smiles logo

Digital Smiles

Assessing the Impact of CCPA and CPRA on Business Compliance

Businesses are struggling to keep up with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) regulations. A study by data privacy compliance company CYTRIO found that only 14.67% of the 600 mid-to-large companies included in the study that were non-compliant a year ago have become compliant since then. Of those that remain non-compliant, 13.33% have adopted a manual compliance routine, while only 1.33% have implemented an automated system. The CPRA, which extends the CCPA's provisions and went into effect at the beginning of 2023, also has its own enforcement date of July 1, 2023. This provision gives companies extra time to get compliant. The B2B/B2C breakdown of compliance between the two cohorts is also revealing. Of B2C companies, 5.33% have moved from manual compliance to automated solutions, while 12.67% have moved from non-compliant to manual compliance. For B2B companies, 8% have moved from manual compliance to automated solutions, and 14% have moved from non-compliant to manual compliance. The California Attorney General's Consumer Privacy Interactive Tool allows consumers to easily send notice to non-compliant companies when they fail to display the Do Not Sell My Information link on their website. The tool also plans to expand to other rights under CCPA and CPRA in the future. CYTRIO's CEO Vijay Basani believes that there is a lack of incentive for companies to comply with data privacy laws in the U.S. He recommends that regulators focus not only on Do Not Sell My Information, but also on implementing Privacy UX tools such as Privacy Notices, legally compliant Cookie Consent Banners, and providing consumers with the ability to exercise their data privacy rights. Overall, only 39% of companies have deployed a manual compliance solution and 9% have put in place an automated solution. This leaves over half of organizations still playing catch-up in a more regulated environment that includes legislation in Virginia, Colorado and other states. Businesses need to act now to stay compliant and protect their customers' data.

Originally reported by Martech:
This article was written automatically by artificial intelligence. Please make us aware if you have any concerns about this automatically generated content.

Our content includes affiliate links. This means that we may receive a commission if you make a purchase through one of the links on our website. This will be at no cost to you and helps to fund the content creation work on our website.